
Windows Server 2008 – Transferring Active Directory FSMO Roles

Experience Level: Beginner
6:02
Rodney Barnhardt
I have over 30 years in the IT industry. During this time I have worked with a variety of products in a variety of industries.
This tutorial walks through the process of transferring the five major, necessary Active Directory roles, commonly referred to as the FSMO roles, to another domain controller.

Video Steps

1. Log on to the new domain controller with a user account that is a member of both the Enterprise Admins and Schema Admins groups.

2. If there are no other Global Catalog servers in the environment, ensure the new DC is a Global Catalog server. Launch Active Directory Sites and Services, expand the site, expand Servers, then highlight the new server.

3. Select NTDS Settings in the right panel, right-click, and select Properties. Ensure the Global Catalog box is checked.

4. The schema management DLL must be registered. To do this, click the Start button and, in the Run box, type regsvr32 schmmgmt.dll and press Enter. Confirm that the DLL registered successfully.

5. Click Start and select Run again. Type MMC in the box and press Enter. From the console, select File, then Add/Remove Snap-in.

6. Select Active Directory Schema and click the Add button, then click OK.

7. In the console, highlight Active Directory Schema, right-click and select Change Active Directory Domain Controller. This is necessary because, by default, the snap-in connects to the existing Schema Master, and there is no option to transfer the role from there.

8. Select the domain controller that the role will be transferred to and click OK.

9. Click OK on the warning that you are no longer connected to the Schema Master.

10. In the console, highlight Active Directory Schema, right-click and select Change Operations Master. This shows the current Schema Master and provides the option to change it to the server you are currently connected to. Click the Change button to switch the server. Verify this is the desired task by clicking Yes.

11. Ensure the change is successful.

12. To change the Domain Naming Master, launch Active Directory Domains and Trusts. In the console, highlight Active Directory Domains and Trusts, right-click and select Change Active Directory Domain Controller. Select the domain controller you would like to move the role to and click OK.

13. Highlight Active Directory Domains and Trusts again, right-click and select Change Operations Master. Review the current and new servers. Click the Change button to switch the server. Verify this is the desired task by clicking Yes.

14. The final three roles are transferred with the Active Directory Users and Computers tool, so click on Start, Administrative Tools, and select it from the list.

15. Highlight Active Directory Users and Computers, right-click, go to All Tasks, and select Operations Masters. Tabs for the final three roles appear. On the RID tab, click the Change button. Confirm the change by clicking Yes, and ensure the role was transferred successfully.

16. Select the PDC tab and click the Change button. Confirm the change by clicking Yes, and ensure the role was transferred successfully.

17. Select the Infrastructure tab and click the Change button. Confirm the change by clicking Yes, and ensure the role was transferred successfully.
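
A command-line check for the "ensure the role was transferred successfully" steps above, as an added example that is not part of the original tutorial: it runs netdom query fsmo, parses the five role lines, and warns about any role not held by the intended domain controller. The DC names are placeholders, and the output layout shown in the constructed sample is an assumption.

```powershell
# Added example: verify that all five FSMO roles are held by the intended DC.
param([string]$ExpectedDc = 'newdc.example.local')   # placeholder FQDN

# Constructed sample of `netdom query fsmo` output (not captured from a real
# domain); used only when netdom is not available on this machine. It shows a
# partial transfer: the Infrastructure role is still on the old DC.
$sample = @'
Schema master               newdc.example.local
Domain naming master        newdc.example.local
PDC                         newdc.example.local
RID pool manager            newdc.example.local
Infrastructure master       olddc.example.local
The command completed successfully.
'@ -split "`r?`n"

function Get-FsmoHolder {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Role lines are "<label><2+ spaces><holder>"; the status line has
        # only single spaces between words and is skipped.
        if ($line -match '^\s*(\S.*?)\s{2,}(\S+)\s*$') {
            New-Object PSObject -Property @{ Role = $Matches[1]; Holder = $Matches[2] }
        }
    }
}

if (Get-Command netdom -ErrorAction SilentlyContinue) {
    $lines = netdom query fsmo
} else {
    $lines = $sample
}

$roles = @(Get-FsmoHolder -Lines $lines)
$roles | Format-Table Role, Holder -AutoSize

if ($roles.Count -ne 5) {
    Write-Warning "Expected 5 role lines, parsed $($roles.Count); check the netdom output."
    exit 2
}
$stray = @($roles | Where-Object { $_.Holder -ne $ExpectedDc })  # -ne ignores case
if ($stray.Count -gt 0) {
    $stray | ForEach-Object { Write-Warning "$($_.Role) is still held by $($_.Holder)" }
    exit 1
}
Write-Output "All five FSMO roles are held by $ExpectedDc."
```

Run it on any domain member after step 17, passing the new domain controller's FQDN as -ExpectedDc; a non-zero exit code means at least one role did not move.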
